Spamhaus targeted by most powerful DDoS strike in history

Spamhaus, a nonprofit that maintains blacklists of spammers, is the target of a massive denial of service assault. 

Spamhaus, an anti-spam organization, has been attacked by hackers.

Spamhaus, a nonprofit organization with headquarters in both London and Geneva, was founded in 1998, with the goal of identifying and helping to block large quantities of spam. According to its website, Spamhaus currently maintains several large block lists, which are used by a range of universities, Internet service providers, military institutions, and corporations to shield computers from the "vast majority of spam sent out on the Internet." 

But if you spend your time identifying professional spammers, you're going to end up ticking off a few people. The latest broadside against Spamhaus came earlier this month, when the organization added a company called Cyberbunker to its blacklist.

Supporters of Cyberbunker, a Web-hosting site based in the Netherlands, then reportedly launched a massive denial-of-service, or DDoS, attack against Spamhaus. 

By yesterday, those attacks were coming in at a whopping 300 gigabits per second, nearly overwhelming the Spamhaus site. Sites such as Boing Boing and the Register have called it the worst such assault in public Internet history.

In an interview with the BBC, Steve Linford, chief executive for Spamhaus, said that his team had managed to keep company servers online. "We've been under this cyber-attack for well over a week," Linford said. "But we're up – they haven't been able to knock us down. Our engineers are doing an immense job in keeping it up - this sort of attack would take down pretty much anything else."

Meanwhile, over at VentureBeat, John Koetsier agrees that the 300 gigabites per second of incoming data does constitute the "biggest-ever DDOS attack." But he points out that the scale of the attack was largely confined to Western Europe; thus far, the US remains largely unaffected. 

Last fall, several major banking institutions in the US, including JP Morgan Chase, Citigroup, and PNC Bank, were hit by DDoS barrages. 

"What these attacks appear to have shown is there are some attackers that have a full suite of DDoS methods," Matthew Prince, CEO of security company Cloud Flare told Ars Technica at the time, "and they're trying all kinds of different things and continually shifting until they find something that works. It's still cavemen using clubs, but they have a whole toolbox full of different clubs they can use depending on what the situation calls for."

For more tech news, follow us on Twitter @venturenaut.

of stories this month > Get unlimited stories
You've read  of  free articles. Subscribe to continue.

Unlimited digital access $11/month.

Get unlimited Monitor journalism.